Problem...

offline
  • alen74 
  • New MyCity citizen
  • Joined: 05 Jun 2009
  • Posts: 4

Hello everyone, and compliments on the forum...
I have a problem with (most likely) some trojan that I can't manage to remove, neither with NOD32 nor with several anti-malware and anti-trojan programs I have tried so far...
I have 2 HDs in the computer, C and D...
When I click on either of them (but it doesn't happen every time), iexplorer starts and tells me my computer is infected, starts scanning and at the end offers me something to download...
Of course I decline every time, but how do I get rid of it?
Below is the HijackThis report:

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\Windows Live\Messenger\msnmsgr.exe
C:\Programmi\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programmi\Windows Live\Contacts\wlcomm.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [Link mogu videti samo ulogovani korisnici]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [Link mogu videti samo ulogovani korisnici]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [Link mogu videti samo ulogovani korisnici]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [Link mogu videti samo ulogovani korisnici]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [Link mogu videti samo ulogovani korisnici]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [Link mogu videti samo ulogovani korisnici]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Idea2 SidebarBrowserMonitor Class - {45AD732C-2CE2-4666-B366-B2214AD57A49} - C:\Programmi\Desktop Sidebar\sbhelp.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre6\bin\ssv.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {D487F344-24FF-461D-9497-D640F7413DDA} - C:\WINDOWS\system32\srtht.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programmi\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [egui] "C:\Programmi\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [RTHDCPL] "RTHDCPL.EXE"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O8 - Extra context menu item: E&sporta in Microsoft Excel - [Link mogu videti samo ulogovani korisnici]\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Programmi\Desktop Sidebar\sbhelp.dll
O9 - Extra 'Tools' menuitem: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Programmi\Desktop Sidebar\sbhelp.dll
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - [Link mogu videti samo ulogovani korisnici]
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programmi\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Programmi\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Programmi\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe

Thanks in advance...
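A HijackThis log like the one above is triaged by reading each line's section code (O2 for browser helper objects, O4 for Run keys, O23 for services) and looking for entries that do not fit a known program. The following Python script is an added illustration of that triage, not part of the original post and not HijackThis's own logic; it parses a few lines copied from the log above plus one constructed O4 line, and flags the patterns a helper would ask about: a component whose file is missing, a BHO with no registered name, a service with no publisher, and an autostart entry running from a temp or per-user data directory. The regular expressions and the directory heuristic are assumptions made for this example, and a flag means "verify this entry", not "this is malware" (the "Unknown owner" service in the log above was left alone by the helper).

```python
import re
from dataclasses import dataclass, field

# Lines 1-5 are copied from the HijackThis log in the first post; line 6 is
# CONSTRUCTED for this example (an autostart under the user's Temp folder,
# modelled on the temp-path loader ComboFix later removed).
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {D487F344-24FF-461D-9497-D640F7413DDA} - C:\WINDOWS\system32\srtht.dll (file missing)
O4 - HKLM\..\Run: [egui] "C:\Programmi\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [updater] C:\Documents and Settings\XP\Impostazioni locali\Temp\drsb.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
"""

# Generic "<section> - <body>" shape of a HijackThis line (assumed format).
LINE_RE = re.compile(r"^(?P<section>[A-Z]\d+) - (?P<body>.+)$")
# O2: "BHO: <name> - {CLSID} - <path>"
BHO_RE = re.compile(r"^BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$")
# O23: "Service: <display name> - <owner> - <path>"
SVC_RE = re.compile(r"^Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<path>.*)$")
# O4: "<hive>\..\Run: [<value name>] <command line>"
RUN_RE = re.compile(r"^(?P<key>HK\S*\\Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# Heuristic: autostarts living in temp or per-user data folders (Italian and
# English Windows folder names, since the log above is from an Italian XP).
TEMP_DIR_RE = re.compile(r"\\(temp|dati applicazioni|application data)\\", re.IGNORECASE)


@dataclass
class Finding:
    section: str
    subject: str
    reasons: list = field(default_factory=list)


def parse_line(line):
    """Split one log line into (section, body), or None if it is not an entry."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return m.group("section"), m.group("body")


def triage(log_text):
    """Return a Finding for every entry that matches at least one review rule."""
    findings = []
    for raw in log_text.splitlines():
        parsed = parse_line(raw)
        if parsed is None:
            continue
        section, body = parsed
        reasons = []
        subject = body
        if "(file missing)" in body:
            reasons.append("registered component's file is absent on disk")
        if section == "O2":
            m = BHO_RE.match(body)
            if m:
                subject = m.group("path")
                if m.group("name") == "(no name)":
                    reasons.append("BHO registered without a display name")
        elif section == "O23":
            m = SVC_RE.match(body)
            if m:
                subject = m.group("path")
                if m.group("owner") == "Unknown owner":
                    reasons.append("service binary carries no publisher information")
        elif section == "O4":
            m = RUN_RE.match(body)
            if m:
                subject = m.group("cmd")
                if TEMP_DIR_RE.search(m.group("cmd")):
                    reasons.append("autostart runs from a temp or per-user data directory")
        if reasons:
            findings.append(Finding(section, subject, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.subject}")
        for r in f.reasons:
            print(f"    - {r}")
```

Run stand-alone it lists three entries to verify: the nameless BHO whose srtht.dll is missing (the same DLL ComboFix later deleted), the constructed Temp autostart, and the service without a publisher. Everything else in the sample passes silently, which is the point: the rules narrow a long log down to the handful of lines a human should look at.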



offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Hello...



Download sUBs' ComboFix from one of the following addresses to the Desktop:

Bleeping Computer . . . . . Geeks to Go!
Right-click one of the links and choose Save Target As... (Save Link As..., Save Linked Content As... or similar);
When the dialog for choosing where to save the file opens, select Desktop and click Save.


When the download is complete:
close running programs;
disable protection software (instructions);
double-click to run ComboFix.

While running, ComboFix will:
check whether a newer version of the program exists: click Yes if offered to download it.
display the DISCLAIMER OF WARRANTY ON SOFTWARE: click Yes so the process continues.
if the Recovery Console is not installed, offer to install it: accept by clicking Yes and follow the procedure.
ask a certain number of questions/show notifications: accept by clicking Yes or OK.
if needed, restart Windows (possibly several times);
at the end, open Notepad with the scan report.


Copy the report ComboFix produced into the thread on the forum:
right-click in the Notepad window and choose Select All;
right-click the selected text and choose Copy;
right-click in the message box and choose Paste.


Note: the report will be saved as ComboFix.txt on the system partition (typical location: C:\ComboFix.txt);
If after posting you notice the report is incomplete, use the Attach file option to attach C:\ComboFix.txt to the message.



offline
  • alen74 
  • New MyCity citizen
  • Joined: 05 Jun 2009
  • Posts: 4

Done... here is the report:


ComboFix 09-06-05.07 - XP 06/06/2009 14.31.54.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.1983.1488 [GMT 2:00]
Eseguito da: c:\documents and settings\XP\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\XP\IMPOST~1\Temp\drsb.exe
c:\documents and settings\XP\Dati applicazioni\inst.exe
c:\windows\system32\drivers\biqxksse.sys
c:\windows\system32\drivers\waowzxgx.sys
c:\windows\system32\Plugins
c:\windows\system32\Plugins\Hoster\aCallbackMethods.dll
c:\windows\system32\Plugins\Hoster\archivto.dll
c:\windows\system32\Plugins\Hoster\bluehostto.dll
c:\windows\system32\Plugins\Hoster\dataupde.dll
c:\windows\system32\Plugins\Hoster\fastloadnet.dll
c:\windows\system32\Plugins\Hoster\fastshareorg.dll
c:\windows\system32\Plugins\Hoster\fileuploadnet.dll
c:\windows\system32\Plugins\Hoster\megauploadcom.dll
c:\windows\system32\Plugins\Hoster\meinuploadcom.dll
c:\windows\system32\Plugins\Hoster\moosharede.dll
c:\windows\system32\Plugins\Hoster\myvideode.dll
c:\windows\system32\Plugins\Hoster\netloadin.dll
c:\windows\system32\Plugins\Hoster\PluginSettings.ini
c:\windows\system32\Plugins\Hoster\qsharecom.dll
c:\windows\system32\Plugins\Hoster\rapidsharecom.dll
c:\windows\system32\Plugins\Hoster\shareonlinebiz.dll
c:\windows\system32\Plugins\Hoster\shareplacecom.dll
c:\windows\system32\Plugins\Hoster\silofilescom.dll
c:\windows\system32\Plugins\Hoster\speedysharecom.dll
c:\windows\system32\Plugins\Hoster\uploadedto.dll
c:\windows\system32\Plugins\Hoster\yourfilesbiz.dll
c:\windows\system32\Plugins\Hoster\youtubecom.dll
c:\windows\system32\Plugins\YouCrypt\callbackmethods.dll
c:\windows\system32\Plugins\YouCrypt\captcha.dll
c:\windows\system32\Plugins\YouCrypt\cineto.dll
c:\windows\system32\Plugins\YouCrypt\datenbankorg.dll
c:\windows\system32\Plugins\YouCrypt\datenschleuder.dll
c:\windows\system32\Plugins\YouCrypt\ddlscene.dll
c:\windows\system32\Plugins\YouCrypt\ddl(zabranjeno).dll
c:\windows\system32\Plugins\YouCrypt\dreidl.dll
c:\windows\system32\Plugins\YouCrypt\dxpdivxvidorg.dll
c:\windows\system32\Plugins\YouCrypt\gamezam.dll
c:\windows\system32\Plugins\YouCrypt\gapping.dll
c:\windows\system32\Plugins\YouCrypt\g(zabranjeno).dll
c:\windows\system32\Plugins\YouCrypt\linksafe.dll
c:\windows\system32\Plugins\YouCrypt\LinkSave.dll
c:\windows\system32\Plugins\YouCrypt\lix.dll
c:\windows\system32\Plugins\YouCrypt\mirrorit.dll
c:\windows\system32\Plugins\YouCrypt\netfolderin.dll
c:\windows\system32\Plugins\YouCrypt\onekh.dll
c:\windows\system32\Plugins\YouCrypt\rapidfolder.dll
c:\windows\system32\Plugins\YouCrypt\rapidlayer.dll
c:\windows\system32\Plugins\YouCrypt\rapidsafede.dll
c:\windows\system32\Plugins\YouCrypt\rapidsafenet.dll
c:\windows\system32\Plugins\YouCrypt\relinkus.dll
c:\windows\system32\Plugins\YouCrypt\RScomLinkList.dll
c:\windows\system32\Plugins\YouCrypt\rslayer.dll
c:\windows\system32\Plugins\YouCrypt\saveraidrush.dll
c:\windows\system32\Plugins\YouCrypt\secured.dll
c:\windows\system32\Plugins\YouCrypt\securnet.dll
c:\windows\system32\Plugins\YouCrypt\serienjunkies.dll
c:\windows\system32\Plugins\YouCrypt\shareonall.dll
c:\windows\system32\Plugins\YouCrypt\shareprotect.dll
c:\windows\system32\Plugins\YouCrypt\stealth.dll
c:\windows\system32\Plugins\YouCrypt\tinyurl.dll
c:\windows\system32\Plugins\YouCrypt\UndergroundCMS.dll
c:\windows\system32\Plugins\YouCrypt\uppicoasis.dll
c:\windows\system32\Plugins\YouCrypt\urlcash.dll
c:\windows\system32\Plugins\YouCrypt\usercashcom.dll
c:\windows\system32\Plugins\YouCrypt\xlinkin.dll
c:\windows\system32\srtht.dll

.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_BIQXKSSE
-------\Service_biqxksse


((((((((((((((((((((((((( Files Creati Da 2009-05-06 al 2009-06-06 )))))))))))))))))))))))))))))))))))
.

2009-05-24 12:06 . 2009-05-24 12:06 -------- d--h--w- c:\windows\PIF
2009-05-24 10:51 . 2009-05-24 10:51 -------- d-----w- c:\documents and settings\XP\Impostazioni locali\Dati applicazioni\DesktopSearch
2009-05-24 10:49 . 2009-05-24 10:49 -------- d-----w- c:\documents and settings\XP\Dati applicazioni\Codemonster
2009-05-24 10:49 . 2009-05-24 10:49 -------- d-----w- c:\programmi\Codemonster
2009-05-21 15:14 . 2009-05-21 15:14 -------- d-----w- c:\programmi\File comuni\xing shared
2009-05-15 17:38 . 2009-05-15 17:39 -------- d-----w- C:\XPSOURCE
2009-05-15 16:39 . 2009-05-15 16:39 -------- d-----w- C:\DriveKey
2009-05-09 20:28 . 2009-05-09 20:28 390664 ----a-w- c:\documents and settings\XP\Dati applicazioni\Real\RealPlayer\Update\RealPlayer11.exe
2009-05-08 21:34 . 2009-05-08 21:34 -------- d-----w- c:\programmi\Common Files

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-06 12:25 . 2009-03-14 18:48 -------- d-----w- c:\documents and settings\XP\Dati applicazioni\SUPERAntiSpyware.com
2009-06-06 12:25 . 2009-03-14 18:48 -------- d-----w- c:\programmi\SUPERAntiSpyware
2009-06-06 12:24 . 2009-03-12 15:09 -------- d-----w- c:\documents and settings\XP\Dati applicazioni\Lavasoft
2009-05-24 10:49 . 2008-12-10 18:01 70408 ----a-w- c:\documents and settings\XP\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-05-23 20:32 . 2008-04-14 12:00 80268 ----a-w- c:\windows\system32\perfc010.dat
2009-05-23 20:32 . 2008-04-14 12:00 481664 ----a-w- c:\windows\system32\perfh010.dat
2009-05-21 15:14 . 2008-12-11 15:16 -------- d-----w- c:\programmi\File comuni\Real
2009-05-21 15:14 . 2009-04-29 19:53 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-05-21 15:14 . 2009-04-29 19:53 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-05-20 18:19 . 2009-01-18 14:27 -------- d-----w- c:\programmi\Hidden Wonders of the Depths
2009-05-15 16:39 . 2008-12-10 18:22 -------- d--h--w- c:\programmi\InstallShield Installation Information
2009-04-29 20:10 . 2009-04-29 20:10 -------- d-----w- c:\programmi\Easy Video Downloader
2009-04-29 19:53 . 2009-04-29 19:53 -------- d-----w- c:\programmi\Real
2009-04-29 18:54 . 2009-04-29 18:54 51032 ---ha-w- c:\windows\system32\mlfcache.dat
2009-04-23 18:39 . 2009-02-15 16:45 -------- d-----w- c:\programmi\eMule
2009-04-15 19:06 . 2008-12-11 08:02 -------- d-----w- c:\programmi\File comuni\Adobe
2009-04-11 19:58 . 2009-04-11 19:54 -------- d-----w- c:\programmi\K-Lite Codec Pack
2009-04-02 13:21 . 2009-04-11 19:54 84480 ----a-w- c:\windows\system32\ff_vfw.dll
2009-03-14 17:49 . 2009-03-14 17:49 10 ----a-w- c:\windows\popcinfo.dat
2009-03-09 21:29 . 2009-03-09 21:30 185856 ----a-w- c:\windows\system32\framedyn.dll
2009-03-09 21:29 . 2009-03-09 21:29 5415 ----a-w- c:\windows\system32\Choice.com
.

------- Sigcheck -------

[-] 2008-09-24 21:26 1571840 47F335983AC68A57021A208BB2BB4D6F c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\programmi\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\programmi\ESET\ESET NOD32 Antivirus\egui.exe" [2007-12-21 1443072]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-07-12 7626752]
"GrooveMonitor"="c:\programmi\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"TkBellExe"="c:\programmi\File comuni\Real\Update_OB\realsched.exe" [2009-05-21 198160]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2008-12-30 18082304]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_2"="shell32" [X]
"_nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2009-02-20 124928]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"e:\\Programi\\c.downloads\\mIRC 6.31 Italiano - Cosmo Blu\\mIRC.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Documents and Settings\\XP\\temp\\TeamViewer\\Version4\\TeamViewer.exe"=
"c:\\Programmi\\Activision\\Demo di SHREK TERZO\\SHReK the THiRD.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Programmi\\Java\\jre6\\launch4j-tmp\\JDownloader.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programmi\\Mozilla Firefox\\firefox.exe"=

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [21/12/2007 9.21.56 VANESSA 33800]
R2 ekrn;Eset Service;c:\programmi\ESET\ESET NOD32 Antivirus\ekrn.exe [21/12/2007 9.21.16 VANESSA 468224]
R3 PAC7311;VGA USB Camera;c:\windows\system32\drivers\PA707UCM.SYS [11/12/2008 21.00.58 VANESSA 155648]
S2 spydetector;spydetector;\??\c:\programmi\Spyware Process Detector\spydetector.sys --> c:\programmi\Spyware Process Detector\spydetector.sys [?]

--- Altri Servizi/Drivers In Memoria ---

*NewlyCreated* - BIQXKSSE
*Deregistered* - biqxksse
.
Contenuto della cartella 'Scheduled Tasks'

2009-06-05 c:\windows\Tasks\OGADaily.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 16:04]

2009-06-06 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 16:04]
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

SafeBoot-procexp90.Sys
SafeBoot-WRConsumerService


.
------- Scansione supplementare -------
.
uStart Page = [Link mogu videti samo ulogovani korisnici]
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - [Link mogu videti samo ulogovani korisnici]
FF - ProfilePath - c:\documents and settings\XP\Dati applicazioni\Mozilla\Firefox\Profiles\xgljj5sb.default\
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - prefs.js: browser.startup.homepage - [Link mogu videti samo ulogovani korisnici]
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nppl3260.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprjplug.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprpjplug.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\npOGAPlugin.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link mogu videti samo ulogovani korisnici]
Rootkit scan 2009-06-06 14:35
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*]
"0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'explorer.exe'(2120)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\system32\WgaTray.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PAStiSvc.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Ora fine scansione: 2009-06-06 14.36.59 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2009-06-06 12:36

Pre-Run: 63.245.185.024 byte disponibili
Post-Run: 63.262.359.552 byte disponibili

WindowsXP-KB310994-SP2-Pro-BootDisk-ITA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

225 --- E O F --- 2009-05-23 14:56

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Upload the following two files:

c:\windows\system32\framedyn.dll
c:\windows\system32\Choice.com


Upload link: [Link visible only to logged-in users]

offline
  • alen74 
  • New MyCity citizen
  • Joined: 05 Jun 2009
  • Posts: 4

Done....

P.S. I have already noticed that the music at restart plays correctly; before, it was crackling...

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

OK. This looks clean.

Unless there is some specific problem, we are done here.


ComboFix needs to be uninstalled:
click Start, then Run.

On Vista use the Start Search box if Run is not available.

In the text entry line type (or paste) the following:

combofix /u

Note that there is a space between "ComboFix" and "/u".



then click OK (or press Enter).


Wait for the uninstall process to finish.

offline
  • alen74 
  • New MyCity citizen
  • Joined: 05 Jun 2009
  • Posts: 4

OK, thanks a lot....
